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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listin2 of Claims: 

1. (previously presented) A method of encrypting an object, comprising: 
combining a pluraUty of key splits to generate a cryptographic key; 
initializing a cryptographic algorithm with the cryptographic key; and 
applying the initialized cryptographic algorithm to the object, to form an 

encrypted object; 

wherein at least one of the plurality of key splits corresponds at least in part to a 
biometric measurement. 

2. (previously presented) The method of claim 1, further comprising: 

for at least one of the plurality of key splits, adding the at least one key split to the 
encrypted object. 

3. (previously presented) The method of claim 1, further comprising: 

for at least one of the plurality of key splits, adding reference data associated with 
the at least one key split to the encrypted object. 
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4. (previously presented) The method of claim 1, further comprising retrieving at 
least one of the plurality of key spUts from a storage medium. 

5. (previously presented) The method of claim 4, wherein the storage medium is 
disposed on a smart card. 

6. (previously presented) The method of claim 1, wherein combining a plurality 
of key splits to generate a cryptographic key is performed on a smart card. 

7. (currently amended) In a cryptographic system associated with an 
organization, a method of encrypting an object by a user, comprising: 

generating a first cryptographic key by combining an organization split 
corresponding to the organization, a maintenance spUt, a random spUt, and at least one 
label split; 

initiahzing a cryptographic algorithm with the first cryptographic key; 
encrypting the object according to the initialized cryptographic algorithm; 
adding combiner data to the encrypted object, wherein the combiner data includes 

reference data corresponding to at least one of the at least one label split 
and the cryptographic algorithm, 

name data associated with the organization, 

at least one of the maintenance split and a maintenance level associated 
with the maintenance split, and 
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the random split; and 
storing the encrypted object with the added combiner data. 

8. (previously presented) The method of claim 7, further comprising selecting the 
at least one label split from at least one credential. 

9. (currently amended) The method of claim 8, wherein the selected at least one 
label spUt is encrypted, the cryptographic key is a first cryptographic key, and the method 
fiirther comprises: 

deriving a second cryptographic key from a user ID associated with the user, a 
password associated with the user, and at least one of a imique data instance and a 
random value, and 

decrypting the selected at least one label split with the second cryptographic key. 

10. (previously presented) The method of claim 8, wherein the at least one 
credential is retrieved from a memory. 

1 1 . (previously presented) The method of claim 1 0, wherein the memory is 
disposed on a smart card. 
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12. (previously presented) The method of claim 8, further comprising generating 
a time stamp corresponding to a time at which the object was encrypted, wherein the 
combiner data further includes the time stamp. 

13. (previously presented) The method of claim 8, wherein the combiner data 
further includes a user ID associated with the user. 

14. (previously presented) The method of claim 7, further comprising generating 
a time stamp representing a time at which the object was encrypted, wherein the 
combiner data further includes the time stamp. 

15. (previously presented) The method of claim 7, wherein the combiner data is a 
header record. 

16. (previously presented) The method of claim 7, wherein the combiner data 
further includes one of a digital signature and a digital certificate. 

17. (previously presented) The method of claim 7, wherein the combiner data 
further includes a digital signature and a digital certificate. 

18. (currently amended) The method of claim 7, wherein the cryptographic key is 
a first cryptographic key, the method further comprising: 
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generating a second cryptographic key based at least in part on the at least one 
label split; and 

encrypting the random split with the second cryptographic key, prior to adding the 
combiner data to the encrypted object; 

wherein the random spUt included the combiner data is the encrypted random 

split. 

19. (previously presented) The method of claim 7, further comprising 
before adding the combiner data to the encrypted object, encrypting at least a 

portion of the combiner data with a header spht. 

20. (previously presented) The method of claim 19, wherein the header split is 
constant. 

21 . (previously presented) A storage medium comprising instructions for causing 
a data processor to encrypt an object, wherein the instructions include: 

generate a cryptographic key by combining a plurality of key splits; 
initiaUze a cryptographic algorithm with the cryptographic key; and 
apply the initialized cryptographic algorithm to the object to form an encrypted 

object; 

wherein at least one of the plurality of key splits corresponds at least in part to a 
biometric measurement. 
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22. (previously presented) The storage medium of claim 21, wherein the 
instructions further include: 

for at least one of the plurality of key splits, add the at least one key split to the 
encrypted object. 

23. (previously presented) The storage medium of claim 21, wherein the 
instructions further include: 

for at least one of the plurality of key spUts, add reference data associated with the 
at least one key spht to the encrypted object. 

24. (previously presented) The storage medium of claim 21, wherein the 
instructions further include: 

retrieve at least one of the plurality of key splits from a memory. 

25. (previously presented) The storage medium of claim 24, wherein at least a 
portion of the memory is disposed on a smart card. 

26. (previously presented) The storage medium of claim 21, wherein the data 
processor is distributed, and the instruction to generate a cryptographic key is executed at 
least in part on a smart card. 



Application No. 09/388,195 
Amendment 

Reply to Office action of 05/17/2004 



Page 8 of 44 



27. (currently amended) A storage medium comprising instructions for causing a 
data processor to encrypt an object, wherein the instructions include: 

generate a lirst cryptographic key by combining an organization split 
corresponding to an organization, a maintenance split, a random split, and at least one 
label split; 

initialize a cryptographic algorithm with the fost cryptographic key; 

apply the initialized cryptographic algorithm to the object to form an encrypted 

object; 

add combiner data to the encrypted object, wherein the combiner data includes 
reference data corresponding to at least one of the at least one label split 
and the cryptographic algorithm, 

name data associated with the organization, 
at least one of the maintenance spUt and a maintenance level 
corresponding to the maintenance split, and 
the random split; and 
store the encrypted object with the combiner data for subsequent access. 



28. (previously presented) The storage medium of claim 27, wherein the 
instructions fiirther include select the at least one label split from at least one credential. 
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29. (currently amended) The storage medium of claim 28, wherein the selected at 
least one label split is encrypted, the cryptographic key is a first cryptographic key, and 
the instructions further include: 

derive a second cryptographic key from a user ID associated with a user, a 
password associated with the user, and at least one of a unique data instance and a 
random value; and 

decrypt the selected at least one label split with the second cryptographic key. 

30. (previously presented) The storage medium of claim 28, wherein the 
instructions further include: 

retrieve at least one credential from a memory. 

3 1 . (previously presented) The storage medium of claim 30, wherein the memory 
is disposed on a smart card. 

32. (previously presented) The storage medium of claim 28, wherein the 
instructions further include generate a time stamp corresponding to a time at which the 
object was encrypted, wherein the combiner data further includes the time stamp. 



33. (previously presented) The storage medium of claim 28, wherein the 
combiner data further includes a user ID associated with the user. 
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34. (previously presented) The storage medium of claim 27, wherein the 
instructions further include generate a time stamp corresponding to at which the object 
was encrypted, wherein the combiner data further includes the time stamp. 

35. (previously presented) The storage medium of claim 27, wherein the 
combiner data is a header record. 

36. (previously presented) The storage medium of claim 27, wherein the 
combiner data further includes one of a digital signature and a digital certificate. 

37. (previously presented) The storage medium of claim 27, wherein the 
combiner data further includes a digital signature and a digital certificate. 

38. (currently amended) The storage medium of claim 27, wherein the 
cryptographic key is a first cryptographic key, and the instructions further include: 

generate a second cryptographic key based at least in part on the at least one label 
split; and 

encrypt, with the second cryptographic key, the random split, prior to executing 
the instruction to add the combiner data to the encrypted object; 

wherein the random split included in the combiner data is the encrypted random 

split. 
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39. (previously presented) The storage medium of claim 27, wherein the 
instmctions further include 

prior to executing the instruction to add the combiner data to the encrypted object, 
encrypt at least a portion of the combiner data with a header spUt; 

40. (previously presented) The storage medium of claim 39, wherein the header 
split is constant. 

41. (new) The method of claim 1, wherein combining the plurahty of key sphts 
includes applying a non-linear function to the pluraUty of key splits. 

42. (new) The method of claim 41, wherein the crypto graphic key is a single- 
integer cryptographic key. 

43. (new) The method of claim 1, wherein the key splits are provided by at least 
one of a policy manager and a credentials manager. 

44. (new) The method of claim 1, wherein the cryptographic algorithm is a 
symmetrical algorithm. 

45. (new) The method of claim 1, wherein the cryptographic key is a session 

key. 
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46. (new) The method of claim 7, wherein combining the organization split, the 
maintenance split, the random split, and the at least one label split includes applying a 
non-linear function to the splits 

47. (new) The method ofclaim 46, wherein the cryptographic key is a single- 
integer cryptographic key. 

48. (new) The method ofclaim 7, wherein the organization split, the 
maintenance split, the random split, and the at least one label split are provided by at least 
one of a policy manager and a credentials manager. 

49. (new) The method of claim 7, wherein the cryptographic algorithm is a 
symmetrical algorithm. 

50. (new) The method of claim 7, wherein the cryptographic key is a session 

key. 

5 1 . (new) The storage medium of claim 2 1 , wherein combining the plurality of 
key splits includes applying a non-linear function to the plurality of key splits. 
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52. (new) The storage medium ofclaim 51, wherein the cryptographic key is a 
single-integer cryptographic key. 

53. (new) The storage medium of claim 21, wherein the key splits are provided 
by at least one of a policy manager and a credentials manager. 

54. (new) The storage medium ofclaim 21, wherein the cryptographic algorithm 
is a symmetrical algorithm. 

55. (new) The storage mediimi ofclaim 21, wherein the cryptographic key is a 
session key. 

56. (new) The storage medium of claim 27, wherein combining the organization 
split, the maintenance split, the random split, and the at least one label split includes 
applying a non-linear function to the splits. 

57. (new) The storage medium of claim 56, wherein the cryptographic key is a 
single-integer cryptographic key. 

58. (new) The storage medium of claim 27, wherein the organization split, the 
maintenance split, the random split, and the at least one label split are provided by at least 
one of a policy manager and a credentials manager. 
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59. (new) The storage medium of claim 27, wherein the cryptographic algorithm 
is a symmetrical algorithm. 

60. (new) The storage mediimi of claim 27, wherein the cryptographic key is a 
session key. 



